| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| 7 |
| 8 #include <stdint.h> |
| 9 |
| 10 #include <string> |
| 11 #include <vector> |
| 12 |
| 13 #include "base/basictypes.h" |
| 14 #include "base/compiler_specific.h" |
| 15 #include "base/memory/scoped_ptr.h" |
| 16 #include "net/base/net_export.h" |
| 17 |
| 18 namespace net { |
| 19 |
| 20 namespace der { |
| 21 class Input; |
| 22 struct GeneralizedTime; |
| 23 } |
| 24 |
| 25 class SignaturePolicy; |
| 26 |
| 27 struct NET_EXPORT TrustAnchor { |
| 28 ~TrustAnchor(); |
| 29 |
| 30 // DER-encoded SubjectPublicKeyInfo for the trusted key. |
| 31 std::string spki; |
| 32 |
| 33 // DER-encoded "Name" corresponding to the key. |
| 34 std::string name; |
| 35 }; |
| 36 |
| 37 // A very simple implementation of a TrustStore, which contains mappings from |
| 38 // names to trusted public keys. |
| 39 struct NET_EXPORT TrustStore { |
| 40 TrustStore(); |
| 41 ~TrustStore(); |
| 42 |
| 43 std::vector<TrustAnchor> anchors; |
| 44 }; |
| 45 |
| 46 // VerifyCertificateChain() verifies a certificate path (chain) based on the |
| 47 // rules in RFC 5280. |
| 48 // |
| 49 // WARNING: This implementation is in progress, and is currently |
| 50 // incomplete. DO NOT USE IT unless its limitations are acceptable for your use. |
| 51 // |
| 52 // --------- |
| 53 // Inputs |
| 54 // --------- |
| 55 // |
| 56 // cert_chain: |
| 57 // A non-empty chain of N DER-encoded certificates, listed in the |
| 58 // "forward" direction. |
| 59 // |
| 60 // * cert_chain[0] is the target certificate to verify. |
| 61 // * cert_chain[i+1] holds the certificate that issued cert_chain[i]. |
| 62 // * cert_chain[N-1] must have been issued by a trust anchor |
| 63 // |
| 64 // trust_store: |
| 65 // Contains the set of trusted public keys (and their names). |
| 66 // |
| 67 // signature_policy: |
| 68 // The policy to use when verifying signatures (what hash algorithms are |
| 69 // allowed, what length keys, what named curves, etc). |
| 70 // |
| 71 // time: |
| 72 // The UTC time to use for expiration checks. |
| 73 // |
| 74 // --------- |
| 75 // Outputs |
| 76 // --------- |
| 77 // |
| 78 // Returns true if the target certificate can be verified. |
| 79 NET_EXPORT bool VerifyCertificateChain(const std::vector<der::Input>& certs_der, |
| 80 const TrustStore& trust_store, |
| 81 const SignaturePolicy* signature_policy, |
| 82 const der::GeneralizedTime& time) |
| 83 WARN_UNUSED_RESULT; |
| 84 |
| 85 } // namespace net |
| 86 |
| 87 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1414923007:
Add initial code for verifying a certificate chain. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test_driver